AMENDMENTS TO THE CLAIMS 



This listing of claims will replace all prior versions, and listings, of claims 
in the application: 

Listing of Claims: 



1 1 . (Currently Amended) A method for facilitating high speed network 

2 packet flow by resolving conflicts between network service rules for network data 

3 traffic in a system where rule patterns with longer prefixes match before rule 

4 patterns with shorter prefixes, comprising: 

5 receiving one or more flows of packets; 

6 collapsing various operations related to managing network flows into a 

7 single flow classification and dispatch stop; 

8 receiving a set of network service rules for network data traffic from 

9 multiple network services, wherein network service rules from different network 

1 0 services can possibly conflict; 

1 1 wherein each of the network service rules specifies, a filter that defines a 

12 prefix for a set of packets in the packet flow, and an action list that specifies one 

13 or more actions to be applied to the set of packets; 

14 identifying a-conflicts between a-higher priority rules and a-lower priority 

1 5 rules in the set of network service rules that are to be applied to packet flows ; 

16 constructing a consistent set of network service rules with modified action 

1 7 lists, wherein each action list is modified rcsolving the conflict by prepending an 

1 8 action list of the higher priority rule to an action list of a rule with a filter that 

19 defines a longer prefix; and 

20 applying thea consistent set of rules to a switching mechanism to facilitate 

21 packet flow management . 
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1 2. (Original) The method of claim 1, wherein if the set of packets 

2 associated with the higher priority rule is equal to the set of packets associated 

3 with the lower priority rule, resolving the conflict involves creating a new action 

4 list for the higher priority rule by prepending the action list of the higher priority 

5 rule to the action list of the lower priority rule. 

1 3. (Original) The method of claim 1, wherein if the set of packets 

2 associated with the higher priority rule is a superset of the set of packets 

3 associated with the lower priority rule, resolving the conflict involves creating a 

4 new action list for the lower priority rule by prepending the action list of the 

5 higher priority rule to the action list of the lower priority rule. 

1 4. (Original) The method of claim 1, wherein if the set of packets 

2 associated with the lower priority rule is a superset of the set of packets associated 

3 with the higher priority rule, resolving the conflict involves creating a new action 

4 list for the higher priority rule by prepending the action list of the higher priority 

5 rule to the action list of the lower priority rule. 



1 5. (Original) The method of claim 1, wherein if the set of packets 

2 associated with the lower priority rule intersects the set of packets associated with 

3 the higher priority rule, resolving the conflict involves: 

4 creating a new rule with a filter that defines the intersection of the set of 

5 packets associated with lower priority rule and the set of packets associated with 

6 the higher priority rule; and 

7 creating an action list for the new rule by prepending the action list of the 

8 higher priority rule to the action list of the lower priority rule. 
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1 6. (Original) The method of claim 1, wherein prior to modifying a 

2 rule in the set of network service rules, the method further comprises cloning the 

3 rule to ensure that potential conflicts with rules that appear later in the set of 

4 network service rules are not overlooked. 

1 7. (Original) The method of claim 1, wherein the priority of a given 

2 rule is based upon one or more of the following: 

3 a priority associated with a network service from which given rule 

4 originated; 

5 a count of the number of prefix bits specified by the filter for the given 

6 rule; and 

7 a time stamp indicating when the given rule was incorporated into the set 

8 of network service rules. 

1 8. (Original) The method of claim 1 , wherein an action specified by a 

2 network service rule can include, but is not limited to: 

3 dropping a packet; 

4 gathering statistical information about the packet; 

5 controlling timer functions associated with the packet; 

6 modifying the packet; and 

7 passing the packet on. 

1 9. (Original) The method of claim 1, wherein the multiple network 

2 services can include, but is not limited to: 

3 a firewall service; 

4 a service level agreement monitoring service; 

5 a load balancing service; 

6 a transport matching service; 
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7 a failover service; and 

8 a high availability service. 

1 10. (Currently Amended) A computer-readable storage medium storing 

2 instructions that when executed by a computer cause the computer to perform a 

3 method for resolving conflicts between network service rules for network data 

4 traffic in a system where rule patterns with longer prefixes match before rule 

5 patterns with shorter prefixes, the method comprising: 

6 receiving one or more flows of packets; 

7 collapsing various operations related to managing network flows into a 

8 single flow classification and dispatch step; 

9 receiving a set of network service rules for network data traffic from multiple 

10 network services, wherein network service rules from different network services 

1 1 can possibly conflict; 

12 wherein each of the network service rules specifies, a filter that defines a 

13 prefix for a set of packets in the packet flow, and an action list that specifies one 

14 or more actions to be applied to the set of packets; 

1 5 identifying a-conflicts between a-higher priority rules and a-lower priority 

16 rules in the set of network service rules that are to be applied to packet flows ; and 

17 constructing a consistent set of network service rules with modified action 

1 8 lists, wherein each action list is modified resolving the conflict by prepending an 

1 9 action list of the higher priority rule to an action list of a rule with a filter that 

20 defines a longer prefix. 

1 11. (Original) The computer-readable storage medium of claim 10, 

2 wherein if the set of packets associated with the higher priority rule is equal to the 

3 set of packets associated with the lower priority rule, resolving the conflict 
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4 involves creating a new action list for the higher priority rule by prepending the 

5 action list of the higher priority rule to the action list of the lower priority rule. 

1 12. (Original) The computer-readable storage medium of claim 10, 

2 wherein if the set of packets associated with the higher priority rule is a superset 

3 of the set of packets associated with the lower priority rule, resolving the conflict 

4 involves creating a new action list for the lower priority rule by prepending the 

5 action list of the higher priority rule to the action list of the lower priority rule. 

1 13. (Original) The computer-readable storage medium of claim 10, 

2 wherein if the set of packets associated with the lower priority rule is a superset of 

3 the set of packets associated with the higher priority rule, resolving the conflict 

4 involves creating a new action list for the higher priority rule by prepending the 

5 action list of the higher priority rule to the action list of the lower priority rule. 



1 14. (Original) The computer-readable storage medium of claim 10, 

2 wherein if the set of packets associated with the lower priority rule intersects the 

3 set of packets associated with the higher priority rule, resolving the conflict 

4 involves: 

5 creating a new rule with a filter that defines the intersection of the set of 

6 packets associated with lower priority rule and the set of packets associated with 

7 the higher priority rule; and 

8 creating an action list for the new rule by prepending the action list of the 

9 higher priority rule to the action list of the lower priority rule. 

1 15. (Original) The computer-readable storage medium of claim 10, 

2 wherein prior to modifying a rule in the set of network service rules, the method 
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3 further comprises cloning the rule to ensure that potential conflicts with rules that 

4 appear later in the set of network service rules are not overlooked. 



1 16. (Original) The computer-readable storage medium of claim 10, 

2 wherein the priority of a given rule is based upon one or more of the following: 

3 a priority associated with a network service from which given rule 

4 originated; 

5 a count of the number of prefix bits specified by the filter for the given 

6 rule; and 

7 a time stamp indicating when the given rule was incorporated into the set 

8 of network service rules. 

1 17. (Original) The computer-readable storage medium of claim 10, 

2 wherein an action specified by a network service rule can include, but is not 

3 limited to: 

4 dropping a packet; 

5 gathering statistical information about the packet; 

6 controlling timer functions associated with the packet; 

7 modifying the packet; and 

8 passing the packet on. 

1 18. (Original) The computer-readable storage medium of claim 10, 

2 wherein the multiple network services can include, but is not limited to: 

3 a firewall service; 

4 a service level agreement monitoring service; 

5 a load balancing service; 

6 a transport matching service; 

7 a failover service; and 
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8 a high availability service. 



1 19. (Currently Amended) An apparatus that resolves conflicts between 

2 network service rules for network data traffic in a system where rule patterns with 

3 longer prefixes match before rule patterns with shorter prefixes, comprising: 

4 a receiving mechanism configured to receive one or more flows of 

5 packets; 

6 a mechanism configured to collapse various operations related to 

7 managing network flows into a single flow classification and dispatch step; 

8 a receiving mechanism configured to receive a set of network service rules for 

9 network data traffic from multiple network services, wherein network service 

10 rules from different network services can possibly conflict; 

1 1 wherein each of the network service rules specifies, a filter that defines a 

12 prefix for a set of packets in the packet flow, and an action list that specifies one 

1 3 or more actions to be applied to the set of packets; 

14 a conflict detection mechanism configured to identify a-conflicts between 

1 5 a-higher priority rules and a-lower priority rules in the set of network service rules 

16 that are to be applied to packet flows ; and 

17 a conflict resolution mechanism configured to resolve the conflict by 

18 constructing a consistent set of network service rules with modified action lists, 

19 wherein each action list is modified by prepending an action list of the higher 

20 priority rule to an action list of a rule with a filter that defines a longer prefix. 

1 20. (Original) The apparatus of claim 19, wherein if the set of packets 

2 associated with the higher priority rule is equal to the set of packets associated 

3 with the lower priority rule, the conflict resolution mechanism is configured to: 

4 create a new action list for the higher priority rule by prepending the action 

5 list of the higher priority rule to the action list of the lower priority rule; and to 
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6 



delete the lower priority rule. 



1 21 . (Original) The apparatus of claim 19, wherein if the set of packets 

2 associated with the higher priority rule is a superset of the set of packets 

3 associated with the lower priority rule, the conflict resolution mechanism is 

4 configured to create a new action list for the lower priority rule by prepending the 

5 action list of the higher priority rule to the action list of the lower priority rule. 

1 22. (Original) The apparatus of claim 19, wherein if the set of packets 

2 associated with the lower priority rule is a superset of the set of packets associated 

3 with the higher priority rule, the conflict resolution mechanism is configured to 

4 create a new action list for the higher priority rule by prepending the action list of 

5 the higher priority rule to the action list of the lower priority rule. 



1 23. (Original) The apparatus of claim 19, wherein if the set of packets 

2 associated with the lower priority rule intersects the set of packets associated with 

3 the higher priority rule, the conflict resolution mechanism is configured to: 

4 create a new rule with a filter that defines the intersection of the set of 

5 packets associated with lower priority rule and the set of packets associated with 

6 the higher priority rule; and to 

7 create an action list for the new rule by prepending the action list of the 

8 higher priority rule to the action list of the lower priority rule. 

1 24. (Original) The apparatus of claim 19, wherein prior to modifying a 

2 rule in the set of network service rules, the conflict resolution mechanism is 

3 configured to clone the rule to ensure that potential conflicts with rules that appear 

4 later in the set of network service rules are not overlooked. 
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1 25. (Original) The apparatus of claim 19, wherein the priority of a 

2 given rule is based upon one or more of the following: 

3 a priority associated with a network service from which given rule 

4 originated; 

5 a count of the number of prefix bits specified by the filter for the given 

6 rule; and 

7 a time stamp indicating when the given rule was incorporated into the set 

8 of network service rules. 

1 26. (Original) The apparatus of claim 19, wherein an action specified 

2 by a network service rule can include, but is not limited to: 

3 dropping a packet; 

4 gathering statistical information about the packet; 

5 controlling timer functions associated with the packet; 

6 modifying the packet; and 

7 passing the packet on. 

1 27. (Original) The apparatus of claim 1 9, wherein the multiple network 

2 services can include, but is not limited to: 

3 a firewall service; 

4 a service level agreement monitoring service; 

5 a load balancing service; 

6 a transport matching service; 

7 a failover service; and 

8 a high availability service. 
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